CVE-2025-10897
Published 2025-10-31
Priority: P2 (67) · Severity: high · CVSS 3.1 base score: 8.6
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Tag: EXPLOIT
EPSS: 1.84% (76.4th percentile)
The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jma_plugins | woocommerce_designer_pro | <= 1.9.28 | — |
Detection & IOCs (extracted from sources)
- bytes: cm9vdDp4OjA6MDpy (base64 of "root:x:0:0:r", the first 12 bytes of the root line of a typical /etc/passwd)
- The exploit is unauthenticated: monitor POST requests to /wp-admin/admin-ajax.php carrying the parameter action=wcdp_convert_resource_cmyk together with a url= parameter whose value is a file:// URI (e.g. file:///etc/passwd or file:///var/www/html/wp-config.php). Standard web-server access logs do not record POST bodies, so this needs a WAF, a ModSecurity audit log or application-level request logging, and the url value should be URL-decoded before matching so that an encoded file%3A%2F%2F is not missed.
- Successful exploitation returns a JSON response containing both the success and base64 keys; the base64-encoded file content (e.g. cm9vdDp4OjA6MDpy, which decodes to root:x:0:0:r, the start of the root line of /etc/passwd) can be used as a response-body match.
- Identify candidate WordPress installations by searching for the string wc-designer-pro in HTTP response bodies (FOFA/Shodan fingerprint). The fingerprint only shows that the theme is present; the installed version still has to be checked against 1.9.28.
- All versions of the WooCommerce Designer Pro theme up to and including 1.9.28 are affected; any site running such a version is exposed to unauthenticated arbitrary file read, including disclosure of wp-config.php.
- No authentication is required (PR:N, UI:N): any HTTP client can trigger the file read through the AJAX action endpoint.
- The root cause is improper input validation: the url= parameter accepts file:// scheme URIs, so the handler reads a local file and returns its contents base64-encoded in the response. The impact is arbitrary file read (file disclosure), not file inclusion or code execution, which matches the C:H/I:N/A:N vector.
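The two IOC patterns above (the request shape and the success+base64 reply) as working detection logic. This is an added example written for this page, not code from the page's sources, from the Nuclei template or from the theme itself; the request records, the replies and the helper names are constructed assumptions, and it assumes attackers may also send double-encoded or mixed-case file: values, which the sources do not show.

```python
"""Detection helpers for the CVE-2025-10897 exploit pattern.

Added example, not code from the page's sources or from the WooCommerce
Designer Pro theme. It models only what the IOCs state: a request to
/wp-admin/admin-ajax.php with action=wcdp_convert_resource_cmyk and a url=
parameter carrying a file:// URI, and a JSON reply holding 'success' and a
'base64' field with the file contents. Records and replies are constructed.
"""
import base64
import json
import re
from urllib.parse import parse_qs, unquote, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"  # matched as a suffix so /blog/wp-admin/... also hits
VULN_ACTION = "wcdp_convert_resource_cmyk"

# Content signatures for the two files the IOCs name (assumed typical layouts).
FILE_SIGNATURES = {
    "/etc/passwd": re.compile(r"^root:x:0:0:", re.M),
    "wp-config.php": re.compile(r"define\(\s*['\"]DB_(NAME|USER|PASSWORD|HOST)['\"]"),
}


def _merged_params(query: str, body: str) -> dict:
    """Merge query-string and form-body parameters; the last value wins."""
    merged = {}
    for raw in (query, body):
        for key, values in parse_qs(raw, keep_blank_values=True).items():
            merged[key] = values[-1]
    return merged


def is_exploit_attempt(method: str, uri: str, body: str = "") -> bool:
    """Return True when a (method, uri, body) request matches the exploit pattern.

    Form bodies are only considered for POST. parse_qs decodes the value once;
    the extra unquote() and lower() also catch double-encoded or mixed-case
    variants (file%253A%252F%252F..., FILE://), an assumption beyond the IOCs.
    """
    parts = urlsplit(uri)
    if not parts.path.lower().endswith(AJAX_PATH):
        return False
    params = _merged_params(parts.query, body if method.upper() == "POST" else "")
    if params.get("action") != VULN_ACTION:
        return False
    target = unquote(params.get("url", "")).strip().lower()
    return target.startswith("file:")


def flag_requests(records) -> list:
    """Indices of (method, uri, body) records that look like exploit attempts."""
    return [i for i, (m, u, b) in enumerate(records) if is_exploit_attempt(m, u, b)]


def check_response(body: str):
    """Classify an admin-ajax reply.

    Returns (file_read, label): file_read is True when the reply has the
    success+base64 shape from the IOCs and the base64 decodes; label names the
    file the decoded content resembles, or None if no signature matches.
    """
    try:
        data = json.loads(body)
    except ValueError:
        return False, None
    if not (isinstance(data, dict) and data.get("success") and isinstance(data.get("base64"), str)):
        return False, None
    try:
        content = base64.b64decode(data["base64"], validate=True).decode("utf-8", "replace")
    except (ValueError, TypeError):
        return False, None
    for label, pattern in FILE_SIGNATURES.items():
        if pattern.search(content):
            return True, label
    return True, None


# Constructed sample traffic (not captured from any real site).
SAMPLE_REQUESTS = [
    ("POST", "/wp-admin/admin-ajax.php", "action=wcdp_convert_resource_cmyk&url=file:///etc/passwd"),
    ("POST", "/blog/wp-admin/admin-ajax.php",
     "action=wcdp_convert_resource_cmyk&url=file%3A%2F%2F%2Fvar%2Fwww%2Fhtml%2Fwp-config.php"),
    ("POST", "/wp-admin/admin-ajax.php",
     "action=wcdp_convert_resource_cmyk&url=FILE%253A%252F%252F%252Fetc%252Fshadow"),
    ("GET", "/wp-admin/admin-ajax.php?action=wcdp_convert_resource_cmyk&url=https://example.com/logo.png", ""),
    ("POST", "/wp-admin/admin-ajax.php", "action=heartbeat&data=x"),
]


def _reply(text: str) -> str:
    """Build a constructed reply in the success+base64 shape the IOCs describe."""
    return json.dumps({"success": True, "base64": base64.b64encode(text.encode()).decode()})


PASSWD_REPLY = _reply("root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n")
WPCONFIG_REPLY = _reply("<?php\ndefine( 'DB_NAME', 'wp' );\ndefine( 'DB_USER', 'wp' );\ndefine( 'DB_PASSWORD', 'hunter2' );\n")

if __name__ == "__main__":
    print("suspicious request indices:", flag_requests(SAMPLE_REQUESTS))
    for reply in (PASSWD_REPLY, WPCONFIG_REPLY, '{"success":false,"data":"invalid"}'):
        print(check_response(reply))
```

The reply built from the /etc/passwd sample starts with the cm9vdDp4OjA6MDpy bytes listed in the IOCs, which is why that string works as a body match; a GET carrying the same parameters is treated as an attempt too, since admin-ajax.php reads the action from either the query string or the form body.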
No detection rules found.
Nuclei
WooCommerce Designer Pro <= 1.9.28 - Arbitrary File Read (nuclei · HIGH · CVSS 8.6)
Template (truncated as indexed):
```yaml
id: CVE-2025-10897

info:
  name: WooCommerce Designer Pro <= 1.9.28 - Arbitrary File Read
  author: 0x_Akoko
  severity: high
  description: |
    WooCommerce Designer Pro theme for WordPress <= 1.9.28 contains an arbitrary file read vulnerability caused by improper input validation, letting unauthenticated attackers read arbitrary files including sensitive configuration files, exploit requires no authentication.
  impact: |
    Unauthenticated attackers can read sensitive
```
No writeups or analysis indexed.